Phishing Attacks 13_6_2021

 



(1)

Sender ip

195.133.18.153

From

"brento <brenton@birdon.com.au>"

Subject

"RE: pago devuelto."

Attachment

"Detalles del pago.pdf______________________________.gz"

MD5

60ce782d8c140b615213c5a6c7439f0d

SHA256

9ed3b4a1f25328f29981f22200b31679e9d0cbfa056578836e398781ca7f93f9

Family

Loki

 


(2)

Sender ip

188.225.83.191

From

"Julie-Ann <sms@fashionprofile.in>"

Subject

"Purchase Order A00362"

Attachment

"00010200390_0192021.pdf.r00"

MD5

567d3152ce52b2492ade03fb1879cd8b

SHA256

11b6828bafc1ad822f64a2fd6d36df2825f91b62a9f8e55b5ef396ae8f36fb2f

Family

SnakeKeylogger

 

(3)

 

Sender ip

45.137.22.36

From

"KCTC International Ltd" <bhilosha@indianmetalnalloys.com>"

Subject

"Revise Invoice to Euro Currency//Provide Euro Bank Details"

Attachment

"KCTC International Ltd.zip"

MD5

95a7490c9178c4adda884a3c1c101f21

SHA256

ce6635b0dac51b6cd810ba3232f2cadae9257c36daef19159b305b96497781c2

Family

AgentTesla

If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.


(4)

 

Sender ip

185.222.57.171

From

"Fawwaz Sawan <Fawwaz.Sawan@sib.ae>"

Subject

"Payment was returned"

Attachment

"Proforma Invoice.r00"

MD5

53e32e0585e6e6f350acd5559a16ea4b

SHA256

97d1d1810e3e4b893c8fd9a223ef8dda55a0817b02eddf39c8b1d651e9c06756

Family

SnakeKeylogger

 


(5)

Sender ip

142.93.105.132

From

"Sales"<info@server-mesearch.xyz>"

Subject

"RE: RE: the latest price lis"

Attachment

"Price List.IMG"

MD5

6d454d32d0f7082b1501237c76b5d9db

SHA256

4d86f59ed10aea0a69e3eec23bb424fc19c8bb6e998f0034df66a0a260d3282c

Family

Formbook

 

(6)

Sender ip

185.222.57.244

From

"Jong, Alice" <alice.jong@corbion.com>"

Subject

"Shipping Doc ... RE: Revised Shipment details OA 14214 - LC Cable for Proforma Invoice No. 14214"

Attachment

"Proforma Invoice No. 14214.r00"

MD5

d18408259775442e03bb7eb9b7a74bb9

SHA256

87876762e8b346df599bec5396da2cbaf7fb71236c2e77850d9edbae6aa9e906

Family

AgentTesla


(7)

Sender ip

45.137.22.101

From

"UniCredit Bank" <remittance@unicreditgroup.eu>"

Subject

"Payment Swift Copy Notification"

Attachment

"Payment Advice.zip"

MD5

4851e7c2b7701a6ebc793392fe8ad21e

SHA256

b731a3e00ffad3116a3fa57992b948a94734278487405c877d9d902b1f3155dd

Family

SnakeKeylogger


(8)

Sender ip

159.203.91.46

From

"pandey Raveendra"<reply@linkedinmessages.com>"

Subject

"Fwd: FINAL BALANCE PAYMENT SWIFT COPY $.16,436.40"

Attachment

"SPECIALISED SWIFT.iso"

MD5

9b2a82117289990dba47902ced3fce91

SHA256

6ba8016a065bf59fd4139d72d684b0b90f882c1256d4bee681ee6e84bab17446

Family

AgentTesla


(9)

Sender ip

185.222.57.171

From

"Logistica Farmamundi <logistica@farmamundi.org>"

Subject

"El pago fue devuelto"

Attachment

"Factura de proforma.r00"

MD5

1f29be41fd258c98132b0ae9adf210eb

SHA256

fc6d78bd78a5e42e7d1d2645aec3e437a90925635abde501c8a2ff2c8218293f

Family

SnakeKeylogger


(10)

Sender ip

185.222.57.79

From

"lingjing.wang@vahle.com.cn"

Subject

"RE: WRONG IBAN/PAYMENT RETURNED"

Attachment

"GS998M37BeqAVyf.zip"

MD5

80819ac7d6f73b2bcbfd4c088eb12d80

SHA256

2c74c934d6e8da3e5968ea367270bf40415ae4a3046b4c504cc694b98a6bf528

Family

AgentTesla






If you want to learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥

YouTube channel 
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
